一個多禮拜前引起蠻多討論的一篇文章，利用 Unicode Domain 釣魚的方法：「Phishing with Unicode Domains」。 由於這是幾乎完美的攻擊，所以被提出來後 (Security: Whole-script confusable domain label spoofing) 有不少討論： This bug was reported to Chrome and Firefox on January 20, 2017 and was fixed in the Chrome trunk on March 24. The fix is … Continue reading →

在 Facebook 上看到剛剛在 Hacker News 上熱起來的「Onedrive is slow on Linux but fast with a “Windows” user-agent (2016)」這篇，引用了 2016 年在 Microsoft Community 上的討論：「Onedrive for Business open is very slow on Linux (Chrome/Firefox) but with very fast with a "Windows" user-agent」。 在 … Continue reading →

順著 SHA-1 正式被打穿，Mozilla 也正式宣佈從下一個版本的 Firefox 將完全關閉 SHA-1 支援 (看敘述應該還是可以透過 about:config 開)：「The end of SHA-1 on the Public Web」。 As announced last fall, we’ve been disabling SHA-1 for increasing numbers of Firefox users since the release of Firefox 51 using a … Continue reading →